[PATCH] fix oops on rmmod capidrv
Hi,

I think the patch below fixes a long-standing bug on rmmod capidrv. Please apply.

Kind regards,

Gerd

Fix overwriting the stack with the version string (it is currently 10 bytes + zero) when unloading the capidrv module. Safeguard against overwriting it should the version string grow in the future.

Should fix Kernel Bug Tracker Bug 9696.

Signed-off-by: Gerd v. Egidy <[EMAIL PROTECTED]>

diff -r -u linux-2.6.23.orig/drivers/isdn/capi/capidrv.c linux-2.6.23/drivers/isdn/capi/capidrv.c
--- linux-2.6.23.orig/drivers/isdn/capi/capidrv.c	Tue Oct  9 22:31:38 2007
+++ linux-2.6.23/drivers/isdn/capi/capidrv.c	Thu Jan 24 16:47:55 2008
@@ -2306,13 +2306,14 @@
 static void __exit capidrv_exit(void)
 {
-	char rev[10];
+	char rev[32];
 	char *p;
 
 	if ((p = strchr(revision, ':')) != 0) {
-		strcpy(rev, p + 1);
-		p = strchr(rev, '$');
-		*p = 0;
+		strncpy(rev, p + 1, sizeof(rev));
+		rev[sizeof(rev)-1] = 0;
+		if ((p = strchr(rev, '$')) != 0)
+			*p = 0;
 	} else {
 		strcpy(rev, " ??? ");
 	}

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
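Review bot: the `strncpy(rev, p + 1, sizeof(rev));` / `rev[sizeof(rev)-1] = 0;` pair in the hunk is correct but is the long form of what the tree already provides; `strlcpy(rev, p + 1, sizeof(rev));` does the bounded copy and the NUL termination in one call, avoids strncpy's zero-fill of the unused tail, and is the idiom checkpatch and the rest of the kernel favour. The NULL check wrapped around the second `strchr(rev, '$')` is the part of the change that matters beyond the buffer size: once the copy is bounded, a revision string longer than the buffer loses its trailing '$', and the old unconditional `*p = 0;` would then write through a NULL pointer, so that check must stay whatever copy helper is used. One residual worth a one-line comment in the code: on truncation the buffer silently holds the first 31 characters of the revision with no indication that it was cut, which is acceptable for a version banner but should not be relied on elsewhere. The `strcpy(rev, " ??? ");` fallback in the else branch is untouched and fits comfortably in the enlarged buffer.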
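The arithmetic behind the overflow and the bounded extraction the patch moves to, as an added example in C (not code from the kernel tree or from Gerd's patch). The `sample_revision` string is constructed so that the text after ':' is 10 characters, matching the "10 bytes + zero" the commit message describes; the function names `strcpy_bytes_needed`, `would_overflow` and `extract_revision` are mine. The example goes one step beyond the hunk in that it also bounds the " ??? " fallback and handles a buffer too small to hold the '$', which is exactly the case in which the patch's added NULL check on the second `strchr` is what prevents a NULL dereference.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed sample: a CVS keyword of the shape capidrv's `revision`
 * string has.  After the ':' there are 10 characters (" 1.1.2.2 $"),
 * so strcpy() into `char rev[10]` writes 11 bytes, one past the end of
 * the stack buffer.  That is the overflow the patch fixes. */
static const char sample_revision[] = "$Revision: 1.1.2.2 $";

/* Bytes strcpy(rev, p + 1) writes for a given revision string: the
 * payload after ':' plus the terminating NUL.  0 if there is no ':'. */
size_t strcpy_bytes_needed(const char *revision)
{
    const char *p = strchr(revision, ':');
    return p ? strlen(p + 1) + 1 : 0;
}

/* Does an unbounded strcpy() of the revision overrun a bufsz-byte buffer? */
int would_overflow(const char *revision, size_t bufsz)
{
    return strcpy_bytes_needed(revision) > bufsz;
}

/* Bounded form of the logic in capidrv_exit(): copy what follows ':'
 * into out (never more than outsz-1 bytes plus the NUL), cut the string
 * at the first '$', and fall back to " ??? " when there is no ':'.
 * Returns the length of the resulting string. */
size_t extract_revision(const char *revision, char *out, size_t outsz)
{
    const char *p = strchr(revision, ':');
    char *dollar;

    if (outsz == 0)
        return 0;

    if (p == NULL) {
        /* the original strcpy()s the fallback; bound it too so a tiny
         * buffer cannot be overrun by the fixed string either */
        strncpy(out, " ??? ", outsz - 1);
        out[outsz - 1] = '\0';
        return strlen(out);
    }

    strncpy(out, p + 1, outsz - 1);
    out[outsz - 1] = '\0';

    /* If the copy was truncated the '$' may be gone, so strchr() can
     * return NULL; check it before writing, as the patch does. */
    dollar = strchr(out, '$');
    if (dollar != NULL)
        *dollar = '\0';
    return strlen(out);
}

int main(void)
{
    char rev[32];

    printf("strcpy into char rev[10] needs %zu bytes: %s\n",
           strcpy_bytes_needed(sample_revision),
           would_overflow(sample_revision, 10) ? "overflow" : "fits");
    extract_revision(sample_revision, rev, sizeof(rev));
    printf("bounded extraction into char rev[32]: \"%s\"\n", rev);
    return 0;
}
```

The buffer size of 32 is the one the patch picks; the point the example makes is that the size is secondary, since whatever the size, an unbounded copy plus an unchecked `strchr` result is two independent ways to corrupt the stack or dereference NULL, and both have to be closed.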
2.6.11-rc3: oops in pdflush
Hi,

rc3 vanilla oopses within 2 or 3 hours of heavy io load (rdiff-backup of ide disk (reiserfs3) to usb-storage (reiserfs3 on dm-crypt) and listening to internet radio in parallel). This is 100% reproducible here.

Usually there occur 4 or 5 of very similar looking oopses within 3 hours until the machine is not usable anymore (all commands stuck, sysrq-sync not completing) and I have to reboot.

To me the error message looks like a lock imbalance but I'm not a kernel hacker... Does anybody have an idea what's going on here?

Please CC me as I'm not subscribed. Thank you.

Kind regards,

Gerd

Feb 8 16:00:38 fire kernel: Unable to handle kernel paging request at virtual address 0002ba10
Feb 8 16:00:38 fire kernel: printing eip:
Feb 8 16:00:38 fire kernel: c01a8377
Feb 8 16:00:38 fire kernel: *pde =
Feb 8 16:00:38 fire kernel: Oops: [#4]
Feb 8 16:00:38 fire kernel: Modules linked in: aes_i586 dm_crypt sd_mod usb_storage scsi_mod nfsd exportfs lockd sunrpc md5 ipv6 autofs4 dm_mod video button battery ac uhci_hcd ehci_hcd parport_pc parport i2c_viapro i2c_core snd_via82xx snd_ac97_codec snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_page_alloc gameport snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore 8139too mii reiserfs
Feb 8 16:00:38 fire kernel: CPU:    0
Feb 8 16:00:38 fire kernel: EIP:    0060:[<c01a8377>]    Not tainted VLI
Feb 8 16:00:38 fire kernel: EFLAGS: 00010282   (2.6.11-rc3)
Feb 8 16:00:38 fire kernel: EIP is at sync_sb_inodes+0x3b7/0x3e0
Feb 8 16:00:38 fire kernel: eax: d746df48   ebx: c8534570   ecx: d8ac8a40   edx: cbc46fdc
Feb 8 16:00:38 fire kernel: esi: c8534568   edi: cbc46f30   ebp: d680db3c   esp: d746dec0
Feb 8 16:00:38 fire kernel: ds: 007b   es: 007b   ss: 0068
Feb 8 16:00:38 fire kernel: Process pdflush (pid: 141, threadinfo=d746c000 task=d74346f0)
Feb 8 16:00:38 fire kernel: Stack: c047007b d7d1105c 0063 c03eed60 d746defc c0152200 c02955bf cbc46fe4
Feb 8 16:00:38 fire kernel:        0246 c013c580 0011903f d746df48 cbc46f30 d746df48 d746df38 c0152200
Feb 8 16:00:38 fire kernel:        c01a8536 c013c580 c0150910 d746df38 c015093d d746df34 f0da d746df48
Feb 8 16:00:38 fire kernel: Call Trace:
Feb 8 16:00:38 fire kernel:  [<c0152200>] pdflush+0x0/0x20
Feb 8 16:00:38 fire kernel:  [<c02955bf>] blk_congestion_wait+0x7f/0x90
Feb 8 16:00:38 fire kernel:  [<c013c580>] autoremove_wake_function+0x0/0x50
Feb 8 16:00:38 fire kernel:  [<c0152200>] pdflush+0x0/0x20
Feb 8 16:00:38 fire kernel:  [<c01a8536>] writeback_inodes+0x196/0x470
Feb 8 16:00:38 fire kernel:  [<c013c580>] autoremove_wake_function+0x0/0x50
Feb 8 16:00:38 fire kernel:  [<c0150910>] get_writeback_state+0x30/0x40
Feb 8 16:00:38 fire kernel:  [<c015093d>] get_dirty_limits+0x1d/0xe0
Feb 8 16:00:38 fire kernel:  [<c0150be6>] background_writeout+0x76/0xb0
Feb 8 16:00:38 fire kernel:  [<c0151e29>] __pdflush+0x219/0x5f0
Feb 8 16:00:38 fire kernel:  [<c015221a>] pdflush+0x1a/0x20
Feb 8 16:00:38 fire kernel:  [<c0150b70>] background_writeout+0x0/0xb0
Feb 8 16:00:38 fire kernel:  [<c0152200>] pdflush+0x0/0x20
Feb 8 16:00:38 fire kernel:  [<c013ba54>] kthread+0x94/0xa0
Feb 8 16:00:38 fire kernel:  [<c013b9c0>] kthread+0x0/0xa0
Feb 8 16:00:38 fire kernel:  [<c010130d>] kernel_thread_helper+0x5/0x18
Feb 8 16:00:38 fire kernel: Code: 97 ac 00 00 00 e9 1c fe ff ff 0f 0b 6b 01 8a 4d 39 c0 e9 e4 fd ff ff 89 e8 e8 66 10 00 00 85 c0 0f 85 c8 fd ff ff e9 0a fd ff ff <8b> 05 10 ba 02 00 00 00 ff d1 e9 25 fd ff ff 8b 9f b4 00 00 00
Feb 8 16:00:38 fire kernel: fs/inode.c:785: spin_lock(fs/inode.c:c03d8350) already locked by fs/fs-writeback.c/430
Feb 8 16:54:52 fire kernel: Unable to handle kernel paging request at virtual address 0002ba10
Feb 8 16:54:52 fire kernel: printing eip:
Feb 8 16:54:52 fire kernel: c01a8377
Feb 8 16:54:52 fire kernel: *pde =
Feb 8 16:54:52 fire kernel: Oops: [#5]
Feb 8 16:54:52 fire kernel: Modules linked in: aes_i586 dm_crypt sd_mod usb_storage scsi_mod nfsd exportfs lockd sunrpc md5 ipv6 autofs4 dm_mod video button battery ac uhci_hcd ehci_hcd parport_pc parport i2c_viapro i2c_core snd_via82xx snd_ac97_codec snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_page_alloc gameport snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore 8139too mii reiserfs
Feb 8 16:54:52 fire kernel: CPU:    0
Feb 8 16:54:52 fire kernel: EIP:    0060:[<c01a8377>]    Not tainted VLI
Feb 8 16:54:52 fire kernel: EFLAGS: 00010282   (2.6.11-rc3)
Feb 8 16:54:52 fire kernel: EIP is at sync_sb_inodes+0x3b7/0x3e0
Feb 8 16:54:52 fire kernel: eax: ce69bf38   ebx: c8e640f8   ecx: d8ac8a40   edx: ce69bf38
Feb 8 16:54:52 fire kernel: esi: c8e640f0   edi: cbc46f30   ebp: d680db3c   esp: ce69bec8
Feb 8 16:54:52 fire kernel: ds: 007b   es: 007b   ss: 0068
Feb 8 16:54:52 fire kernel: Process pdflush (pid: 3136, threadinfo=ce69a000 task=d74346f0)
Feb 8 16:54:52 fire kernel: Stack: cbc46f30 d8878140 cbc46f30 cbc46f30 cbc46fe4
Feb 8 16:54:52 fire kernel:        ce69a000 004339b2 ce69bf38 cbc46f30 ce69bf38 1bf5 c0152200
Feb 8 16:54:52 fire kernel: